index
:
fripost-ansible
master
Fripost ansible scripts
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
roles
/
common
/
templates
Commit message (
Expand
)
Author
Age
Files
*
typofix
Guilhem Moulin
2020-05-16
1
*
Upgrade baseline to Debian 10.
Guilhem Moulin
2020-05-16
6
*
/etc/apt/sources.list: Use https:// URIs.
Guilhem Moulin
2020-01-25
1
*
Improve/harden fail2ban configuration.
Guilhem Moulin
2020-01-25
1
*
Convert firewall to nftables.
Guilhem Moulin
2020-01-23
4
*
Postfix: disable DNS lookups on the internal SMTPds.
Guilhem Moulin
2020-01-23
1
*
tr/-/_/ in group names.
Guilhem Moulin
2020-01-22
3
*
MSA: Open 465/TCP for Email Submission over TLS.
Guilhem Moulin
2019-03-19
3
*
submission: Prospective SPF checking.
Guilhem Moulin
2018-12-12
2
*
IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.
Guilhem Moulin
2018-12-09
1
*
MSA verification probes: enable opportunistic encryption.
Guilhem Moulin
2018-12-09
1
*
Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.
Guilhem Moulin
2018-12-09
2
*
Firewall: disable outgoing access to git:// remote servers.
Guilhem Moulin
2018-12-09
1
*
ntp.conf: reduce delta with the packaged version.
Guilhem Moulin
2018-12-09
1
*
MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.
Guilhem Moulin
2018-12-09
1
*
postfix: remove explicit default 'mail_owner = postfix'.
Guilhem Moulin
2018-12-06
1
*
postfix ≥3.0: don't advertise SMTPUTF8 support.
Guilhem Moulin
2018-12-06
1
*
Install unbound on metal hosts.
Guilhem Moulin
2018-12-03
1
*
Define new host "calima" serving Nextcloud.
Guilhem Moulin
2018-12-03
1
*
Postfix: replace cdb & btree tables with lmdb ones.
Guilhem Moulin
2018-12-03
1
*
IPsec: allow ISAKMP over IPv6.
Guilhem Moulin
2018-12-03
1
*
Upgrade baseline to Debian Stretch.
Guilhem Moulin
2018-12-03
5
*
Postfix: replace 'fifo' types with 'unix', as it's the new default.
Guilhem Moulin
2018-04-04
1
*
Firewall: Allow DNS queries over TCP.
Guilhem Moulin
2018-04-04
1
*
APT: use deb.debian.org as archive source.
Guilhem Moulin
2018-04-04
1
*
Perform recipient address verification on the MSA itself.
Guilhem Moulin
2018-04-04
1
*
Upgrade syntax to Ansible 2.5.
Guilhem Moulin
2018-04-04
2
*
Fix detection of KVM guests.
Guilhem Moulin
2017-07-29
2
*
Don't install debsecan anymore by default.
Guilhem Moulin
2017-06-26
1
*
Webmail: don't allow outgoing TCP/993 connections.
Guilhem Moulin
2017-06-15
1
*
postfix: enable XFORWARD command from our internal relays.
Guilhem Moulin
2017-06-02
1
*
postfix: don't rate-limit our IPsec subnet.
Guilhem Moulin
2017-06-02
1
*
Don't let authenticated client use arbitrary sender addresses.
Guilhem Moulin
2017-06-01
1
*
Also install non-free firmwares on civett.
Guilhem Moulin
2017-05-30
2
*
Fix Ansible 2.2.0 compatibility of a Jinja2 template.
Guilhem Moulin
2017-01-14
1
*
postfix: Remove obsolete templates tls_policy/relay_clientcerts.
Guilhem Moulin
2016-07-12
1
*
Route all internal SMTP traffic through IPsec.
Guilhem Moulin
2016-07-10
3
*
Postfix: avoid hardcoding the instance names.
Guilhem Moulin
2016-07-10
1
*
Postfix: don't share the master.cf between the instances.
Guilhem Moulin
2016-07-10
1
*
Localize the NTP pool hostnames.
Guilhem Moulin
2016-07-09
1
*
Localize the debian archive hostnames.
Guilhem Moulin
2016-07-09
1
*
ClamAV (FreshClam): use a localized Database Mirror.
Guilhem Moulin
2016-07-09
1
*
IPSec → IPsec
Guilhem Moulin
2016-06-29
2
*
IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.
Guilhem Moulin
2016-05-24
1
*
Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.
Guilhem Moulin
2016-05-22
3
*
Tunnel munin-update traffic through IPSec.
Guilhem Moulin
2016-05-22
3
*
Tunnel internal NTP traffic through IPSec.
Guilhem Moulin
2016-05-22
2
*
Set up IPSec tunnels between each pair of hosts.
Guilhem Moulin
2016-05-22
5
*
postfix: Update to recommended TLS settings.
Guilhem Moulin
2016-05-18
1
*
postfix: disable weak ciphers for the 'encrypt' TLS security level.
Guilhem Moulin
2016-05-18
1
[next]